Last week I was invited to provide input on a company strategy as member of a panel of privacy experts. It was a nice opportunity to exchange thoughts on the commercial use of data. Here are some key points discussed during the session.
- Anonymisation is not always a solution. Organisations often think that data usage is not a problem as long as the data is anonymised. Even though such plans could be compliant with data protection law if done well (although anonymisation is very difficult), this could still put the reputation of a company at risk. Arguably, recent privacy-uproars in the Netherlands grew out of a sense of betrayal of the customer: the growing feeling that ‘everything you say or do can be used against you’. People feel sold out if they generate data when using a platform, and the platform subsequently appears to be using the data against them, for example when TomTom turned out to be selling aggregated traffic data to the police (even though the privacy regulator concluded in its subsequent investigation that the aggregated data sharing was in fact compliant with Dutch data protection law).
- Value added services are rare. But what about true value added services: companies should be able to use customer data to improve the lives of their customers, right? Yes, but actual improvements are few and far between. For example, serving targeted advertisements isn’t an improvement of the lives of customers, compared to serving broadcast advertisements: it only allows advertisers to better target users to sell them products. But if an organisation on the basis of the analysis of aggregate user data for example advises customers how to lower their costs when using its services, this could indeed be an improvement.
- Paying customers have stronger privacy expectations. This comes as no surprise. Most people are at least somewhat aware of the trade-off they make when using Google: they get to use its services for free, and in turn hand over the data of their friends and themselves for Google’s systems to analyse. Similarly, if they actually pay for using the service, most people will assume their data is not being used for commercial purposes. This was probably one of the sources of discontent of the privacy uproar when ING announced it would start using the financial data of its customers.
As companies gather more customer data, internal debates on commercialisation will grow stronger. Compliance with data protection laws does not offer a guarantee that a company won’t become the subject of a heated privacy debate. If you’re in doubt about your commercial data strategy, feel free to ask for advice.